Democrats keep focus on cybersecurity during shutdown

WASHINGTON — Congressional Democrats are continuing to sound the alarm over staffing cuts at the nation’s cybersecurity agency and underscoring the need for the federal government to be prepared for cyberattacks.

The Department of Homeland Security, which includes the Cybersecurity and Infrastructure Security Agency, has laid off some workers and furloughed many others during the partial government shutdown.

DHS initially said in a court filing that it was issuing reduction-in-force notices to 176 employees. It later reduced that number to 54, though it did not specify how many CISA employees were affected. According to DHS’s shutdown plan, CISA had just over 2,500 employees at the end of May but will operate with fewer than 900 during the lapse in appropriations, with the rest furloughed. That number was prior to RIFs at DHS.

Rep. Eric Swalwell, D-Calif., who serves as ranking member of the House Homeland Security panel’s subcommittee on Cybersecurity and Infrastructure Protection, sent a letter to CISA earlier this month requesting specific information on staffing levels, including RIFs and possible reorganization to move employees away from cybersecurity to other DHS functions. He said in the letter that so far this year, “DHS and CISA have refused to share final numbers on how many employees have left the agency — despite numerous requests from Committee staff.”

“Amid reports that the Department of Homeland Security (DHS or the Department) is now forcibly transferring CISA’s cybersecurity employees to other DHS components, it has become apparent that the Department’s exclusive focus on its mass deportation campaign is coming at the expense of our national security.”

Rep. James R. Walkinshaw, D-Va., led an Oct. 20 letter to DHS with three other Democratic members of the House Oversight and Government Reform Committee, as well as Rep. Eugene Vindman, D-Va., asking for an explanation of the impact and motivation of RIFs at CISA.

“It is difficult to understand how defending the nation’s cyber and physical infrastructure could be viewed as inconsistent with the President’s stated goal of protecting the homeland,” the letter said. “The decision to dismantle CISA’s workforce exposes the political nature of these actions. Firing CISA employees during a shutdown while warning of escalating cyber threats reveals these RIFs for what they are: a political maneuver designed to pressure Congress rather than protect the country.”

A federal judge recently ordered the government to pause RIF notices issued to government employees represented by the unions that brought a lawsuit. However, DHS said that none of its RIF notices were impacted by the order.

In an Oct. 10 statement, DHS attributed planned RIFS at the cybersecurity agency to attempts to move away from CISA’s previous work on fighting mis- and disinformation.

“During the last administration CISA was focused on censorship, branding and electioneering. This is part of getting CISA back on mission,” the statement said.

According to a Democratic House staffer, “Congress is not being kept sufficiently informed on CISA.”

Instead, they said members and staff alike are finding out about staffing changes through media reports and informal contacts with former CISA employees.

“It’s all very circuitous ways of finding this stuff out, when we should be at least being informed directly by CISA or DHS,” they said.

The staffer said that as of Thursday afternoon, Swalwell’s letter focused on possible reassignment of CISA employees to elsewhere within DHS had not gotten a formal response to its questions on CISA staffing levels, RIFS, and reassignments. They said staff don’t know to what extent such reassignment is happening.

“Are they being sent to do cybersecurity for ICE? Are they not working on cybersecurity issues?” they said. “We’re not really sure.”

Sen. Richard Blumenthal, D-Conn., who serves on the Senate Homeland Security and Governmental Affairs Committee, said he also doesn’t have “precise details” on changes at CISA.

“I’m trying to look into what may be happening there,”he said. “But it could very significantly alter both its mission and its functions.”

‘Statutory mission’

Some Republicans have accused CISA under the Biden administration of “jawboning” — indirect censorship — through its contacts with social media platforms, including flagging misinformation about elections or COVID-19.

A spokesperson for Sen. James Lankford, R-Okla., who chairs the Senate Homeland Border Management, Federal Workforce, and Regulatory Affairs panel, said in a statement that, “The Administration has been clear that its priority is returning CISA to its statutory mission. Based on the information available, the RIF appears intended to support that goal.”

Controversy over its focus has put cracks in bipartisan support for CISA’s cybersecurity work. Despite that, Blumenthal is opposed to moving those core functions to another agency “unless someone has a radically better idea” for a replacement.

“I see no reason for change, simply for the sake of change, and my suspicion is it’s for malign reasons, not good ones. In other words, the reason to do it may be to dilute the authority of that kind of protective agency,” he said.

Coordination role

Derrick Cogburn, a professor in the Department of Information Technology & Analytics at American University’s business school, said he’s heard of cuts to CISA’s mission support, operations, risk management and stakeholder engagement. He said the latter helps raise awareness of cybersecurity concerns and was “hit one of the hardest.”

“In each of those areas, the cuts that I’ve been hearing about are pretty severe,” he said.

He said that CISA is key to coordinating on cybersecurity between other elements of the federal government, including the National Security Agency and the Office of the Director of National Intelligence.

“The fact that there will be fewer people, fewer employees across these very critical sectors of CISA will make it harder to be able to play that role,” he said.

The House Homeland Security Committee’s ranking member, Rep. Bennie Thompson, D-Miss., said in a statement that “average Americans” would suffer the consequences of the shutdown and blamed the Trump administration.

“It is apparently so intent (on) denying Americans affordable health care that they will fire members of the national security workforce to distract the public and avoid negotiating with Democrats. The rumored RIFs at DHS mean less support for hospitals and water facilities defending against cyberattacks.”

Sen. Andy Kim, D-N.J., also serves on the Senate Homeland panel and said that attacks on CISA started well before the shutdown.

“What I see is, like, an effort to essentially cripple CISA from doing a lot of its core functions,” he said. He added, “It’s something that’s going to leave us as a country much more vulnerable.”

Appropriations

Prior to the lapse in appropriations, CISA’s operations were funded at the fiscal 2024 level of $2.3 billion. The House Appropriations Committee approved a fiscal 2026 bill in June that would appropriate $2.2 billion for CISA, above the DHS budget request for $1.9 billion. The Senate Appropriations panel was scheduled to mark up its Homeland Security bill in early September, but the markup was postponed.

Kim said that in budget negotiations he saw broad agreement that the number of cyberattacks is increasing, but was disappointed to see DHS’ request for CISA was 17% lower than the existing level.

“There’s a lot that makes no sense to me,” he said, going on to add that, “When I talk to even some of my Republican colleagues about the importance (of) cybersecurity, and then just seeing, like, really, the lack of any pushback.”

At a House Homeland Security Committee budget hearing in May, then-committee member and current Chair Andrew Garbarino, R-N.Y., said he was “all on board with getting rid of disinformation and misinformation. And I was supportive of that cut.”

But, Garbarino said, the changes at CISA are larger than what would be needed just to cut the mis- and disinformation efforts that have drawn political criticism. He said that work only represented $20 million of CISA’s budget in fiscal 2023, and that the budget request would cut hundreds of millions more.

Homeland Security Secretary Kristi Noem responded that the cuts were about responding to CISA getting “off mission,” though she did not list other areas of CISA that would be cut outside of fighting misinformation.

At that May hearing, Garbarino also expressed concern that reduced CISA staffing “will not help CISA accomplish the mission of protecting cybersecurity.”

In a statement responding to the current RIFs at CISA, Garbarino put blame on Democrats who have not voted for a House-passed continuing resolution. He said the choice had “undermined our homeland security and the personnel who are now working without pay to uphold it.”

“I will continue to advocate for our skilled cybersecurity workforce while engaging with the Trump administration in its efforts to right-steer CISA back to its core mission: protecting critical infrastructure and defending our federal civilian networks,” the statement said.

CISA doesn’t currently have a confirmed director. Sen. Ron Wyden, D-Ore., placed a hold in April on the nomination of Sean Plankey, which the Senate Homeland committee reported favorably in July.

_____

(Aris Folley contributed to this report.)